UC-Check: Characterizing Micro-operation Caches in x86 Processors and Implications in Security and Performance
- 17 October 2021
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM) in MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture
Abstract
The modern x86 processor (e.g., Intel, AMD) translates CISC-style x86 instructions to RISC-style micro operations (uops) as RISC pipelines are more efficient than CISC pipelines. However, this x86 decoding process requires complex hardware logic (i.e., x86 decoder) to identify variable-length x86 instructions, which incurs high translation overhead. To avoid this overhead, the x86 processors adopt a micro-operation cache (uop cache) to bypass the expensive x86 decoder by caching the decoded uops. In this paper, we find out modern uop caches suffer from (1) security vulnerability and (2) severe cache contention between co-located SMT cores. To understand these security and performance implications of the uop cache, we propose UC-Check to extract various undisclosed features by using carefully designed microbenchmarks. With the extracted features, (1) we present two attack scenarios exploiting the uop cache as a new timing side-channel and propose a secure architecture to mitigate these attacks with negligible overhead. In addition, (2) we propose a logical uop cache allocation technique to alleviate the cache contention problem. For the evaluation, we extract many undocumented features on a wide spectrum of modern x86 processors and show that our proposed schemes (e.g., security attack/defense, performance optimization) are directly applicable to commodity x86 processors. For example, our logical uop cache allocation improves uop cache hit ratios by up to 1.33 × and achieves up to 1.04 × throughput improvement. We release all software artifacts (e.g., microbenchmarks used for feature extraction, attack proof-of-concept codes, logical uop cache allocation) to the community so that the users can easily reproduce our results and gain insights for further research.Keywords
This publication has 54 references indexed in Scilit:
- Last-Level Cache Side-Channel Attacks are PracticalPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AESPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Reverse-engineering embedded memory controllers through latency-based analysisPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- ISA WarsACM Transactions on Computer Systems, 2015
- Haswell: The Fourth-Generation Intel Core ProcessorIEEE Micro, 2014
- Reverse engineering of cache replacement policies in Intel microprocessors and their evaluationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- Reducing memory interference in multicore systems via application-aware memory channel partitioningPublished by Association for Computing Machinery (ACM) ,2011
- Processor Microarchitecture: An Implementation PerspectiveSynthesis Lectures on Computer Architecture, 2010
- Yet another MicroArchitectural Attack:Published by Association for Computing Machinery (ACM) ,2007
- Compiler support for software-based cache partitioningACM SIGPLAN Notices, 1995